Proposal regarding security chapter

Remko Lodder remko at elvandar.org
Thu Nov 25 21:12:30 UTC 2004


Tillman Hodgson wrote:
> On Sun, Nov 21, 2004 at 04:51:12PM -0800, Murray Stokely wrote:
> 
>>On Fri, Nov 19, 2004 at 09:00:01PM -0600, Tillman Hodgson wrote:
>>
>>>V System Administration -> MAC -> Biba
>>>V System Administration -> Firewalls -> PF
>>>V System Administration -> Kerberos5
>>
>>I think you mean 'Security' here.  As in a new Security <part>, rather
>>than two <parts> named 'System Administration'.
> 
> 
> Yes.
> 
> 
>>>Basically putting all of the security topics on equal footing. This
>>>highlights the importance of security, makes individual topics easier to
>>>find (and less "deep" in level), 
>>
>>Adding a new part and pushing the total chapter count to 30 is going
>>to remove some of the "easier to find" justification.
> 
> 
> I find that a finely-grained ToC is generally more useful, *especially*
> in a reference manual.
> 
> 
>>This would also move content about SSH and MAC away from chapters
>>about NIS, Unix accounts, other network services, etc.
> 
> 
> I don't have a problem with that.
> 
> MAC has its own chapter and there's a proposal to make Firewalls its own
> chapter. I think that this trend will continue as more detailed
> documentation is written about the various security topics.
> 
> As a hypothetical end user looking for Security information, if I look
> in III System Administration -> Security I'm no longer getting the whole
> picture. It's become a "Where's Waldo?" adventure :-)
> 
> 
>>I like the original suggestion best: moving the firewall (and OpenSSH
>>sections) out of security and into the Network Services <part>.
>>Network Services is our newest part, and the System Admin part has
>>twice as many chapters as the Network Services <part>.  We should just
>>continue the work that began this summer of moving the network bits
>>out of the general System Administration part and into the Network
>>Services part.  That's what it was created for.
> 
> 
> I agree with you as far as network services are concerned. However, I
> think that Security is a different topic than network services (albeit
> with some overlap).
> 
> I guess my concern boils down to this: A hypothetical user who wants to
> learn about security w.r.t FreeBSD *but doesn't yet know the right
> buzzwords* doesn't have a place to look. They might be able to pick it
> up by osmosis if they read two of the largest sections of the Handbook,
> but I don't consider that a good solution.
> 
> I admit to a bit of bias in this area. In another of my aspects I'm a
> security consultant so I tend to advocate making security information
> as prominent and accessible as possible.
> 
> 
>>I don't think adding another <part> for Security issues is a logical
>>division point with just two candidate chapters at this point.
> 
> 
> Perhaps poor communication on my part, as I wasn't proposing to create a
> new <part> for only two chapters.
> 
> Most of the sub-chapters within the existing Security chapter could
> easily be promoted to full chapters. For example, I have a patch for
> Kerberos5 being reviewed (hopefully ;-)) that will, as a by-product of
> covering more sub-topics, expand the sub-chapter by a noticeable amount.
> My plan is to next write a second patch to cover the use of OpenSSH in a
> Kerberos environment. At that point it'll be almost unwieldy as a
> sub-chapter.
> 
> I believe that it would be much better organized if it was a chapter
> rather than a subchapter -- it's now organized into broad sections that
> would work well in that format, and when I see headings like
> "14.8.1.2.1" it's starting to resemble SNMP OIDs ;-)
> 
> 
>>Security topics are integral to both System Administration and Network
>>Services, and we shouldn't remove security information from those
>>parts to make a new one.
> 
> 
> Or, from a security guy's point of view, security topics transcend both
> system administration and network services and we shouldn't be burying
> the security information ;-)
> 
> 
>>All of these proposals seem to have two things in common :
>>
>>1. The security chapter is too big.
>>2. The firewalls information should go into a separate chapter.
> 
> 
> I'd add:
> 
> 3. Some of the security chapter sub-chapters are getting awfully large
>    for the format
> 4. Making security information prominent and detailed is a worthwhile
>    goal for the Handbook
> 
> 
>>Moving a chapter between parts is easy.  So how about splitting out
>>the firewall content into a new 'firewalls/chapter.sgml' file, and
>>then temporarily adding this into the Network Services part.
>>
>>If it turns out that people do feel there is enough content for a
>>whole new <part> dedicated to security, then it will just be a one
>>line diff to move the firewalls chapter from the network <part> to a
>>new security <part>.
> 
> 
> Sure, I have no problems with interim solutions. It's the same work
> either way, and "results trump theory" :-)
> 
> - Tillman
> 
> 

I can live with the stuff above. I will consider how to do it etc.
while I am in Spain for the next 12 days. After that I will start
working on a separated firewalls/chapter.sgml thingy and put
it into Network Services.

That is, unless someone objects to it and we need to rethink stuff etc.

Cya in 12 days :)

-- 
Kind regards,

Remko Lodder                   |remko at elvandar.org
Reporter DSINet                |remko at dsinet.org
Projectleader Mostly-Harmless  |remko at mostly-harmless.nl
Founder Tienervaders           |remko at tienervaders.org


